Browse all 8 CVE security advisories affecting Elefant. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Elefant is a PHP-based content management system designed for building websites and web applications with a focus on simplicity and extensibility. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from input validation flaws and insecure session management. The platform's lightweight architecture has contributed to its popularity but also resulted in security oversights. While no major public security incidents have been widely reported, the 8 CVEs on record highlight consistent but typically low-severity issues that administrators should address through timely updates and hardening practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-20064 | Elefant CMS layout code injection — CMSCWE-94 | 6.3 | Medium | 2022-06-20 |
| CVE-2017-20063 | Elefant CMS File Upload drop privileges management — CMSCWE-269 | 6.3 | Medium | 2022-06-20 |
| CVE-2017-20062 | Elefant CMS cross-site request forgery — CMSCWE-352 | 5.0 | Medium | 2022-06-20 |
| CVE-2017-20061 | Elefant CMS extended Reflected cross site scriting — CMSCWE-80 | 4.3 | Medium | 2022-06-20 |
| CVE-2017-20060 | Elefant CMS Blog Post Persistent cross site scriting — CMSCWE-80 | 3.5 | Low | 2022-06-20 |
| CVE-2017-20059 | Elefant CMS Title Persistent cross site scriting — CMSCWE-80 | 3.5 | Low | 2022-06-20 |
| CVE-2017-20058 | Elefant CMS Version Comparison Persistent cross site scriting — CMSCWE-80 | 4.3 | Medium | 2022-06-20 |
| CVE-2017-20057 | Elefant CMS Persistent cross site scriting — CMSCWE-80 | 4.3 | Medium | 2022-06-20 |
This page lists every published CVE security advisory associated with Elefant. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.